0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-11-18 07:52:56 +01:00
synapse/docs/systemd-with-workers
Jason Little e4f545c452
Remove worker_replication_* settings (#15491)
* Add master to the instance_map as part of Complement, have ReplicationEndpoint look at instance_map for master.

* Fix typo in drive by.

* Remove unnecessary worker_replication_* bits from unit tests and add master to instance_map(hopefully in the right place)

* Several updates:

1. Switch from master to main for naming the main process in the instance_map. Add useful constants for easier adjustment of names in the future.
2. Add backwards compatibility for worker_replication_* to allow time to transition to new style. Make sure to prioritize declaring main directly on the instance_map.
3. Clean up old comments/commented out code.
4. Adjust unit tests to match with new code.
5. Adjust Complement setup infrastructure to only add main to the instance_map if workers are used and remove now unused options from the worker.yaml template.

* Initial Docs upload

* Changelog

* Missed some commented out code that can go now

* Remove TODO comment that no longer holds true.

* Fix links in docs

* More docs

* Remove debug logging

* Apply suggestions from code review

Co-authored-by: reivilibre <olivier@librepush.net>

* Apply suggestions from code review

Co-authored-by: reivilibre <olivier@librepush.net>

* Update version to latest, include completeish before/after examples in upgrade notes.

* Fix up and docs too

---------

Co-authored-by: reivilibre <olivier@librepush.net>
2023-05-11 11:30:56 +01:00
..
system Minor cleanup to Debian packaging (#11269) 2021-11-07 21:18:33 +00:00
workers Remove worker_replication_* settings (#15491) 2023-05-11 11:30:56 +01:00
README.md Replace federation_reader with generic_worker in docs (#12457) 2022-04-14 13:09:07 +01:00

Setting up Synapse with Workers and Systemd

This is a setup for managing synapse with systemd, including support for managing workers. It provides a matrix-synapse service for the master, as well as a matrix-synapse-worker@ service template for any workers you require. Additionally, to group the required services, it sets up a matrix-synapse.target.

See the folder system for the systemd unit files.

The folder workers contains an example configuration for the generic_worker worker.

Synapse configuration files

See the worker documentation for information on how to set up the configuration files and reverse-proxy correctly. Below is a sample generic_worker worker configuration file.

{{#include workers/generic_worker.yaml}}

Systemd manages daemonization itself, so ensure that none of the configuration files set either daemonize or worker_daemonize.

The config files of all workers are expected to be located in /etc/matrix-synapse/workers. If you want to use a different location, edit the provided *.service files accordingly.

There is no need for a separate configuration file for the master process.

Set up

  1. Adjust synapse configuration files as above.
  2. Copy the *.service and *.target files in system to /etc/systemd/system.
  3. Run systemctl daemon-reload to tell systemd to load the new unit files.
  4. Run systemctl enable matrix-synapse.service. This will configure the synapse master process to be started as part of the matrix-synapse.target target.
  5. For each worker process to be enabled, run systemctl enable matrix-synapse-worker@<worker_name>.service. For each <worker_name>, there should be a corresponding configuration file. /etc/matrix-synapse/workers/<worker_name>.yaml.
  6. Start all the synapse processes with systemctl start matrix-synapse.target.
  7. Tell systemd to start synapse on boot with systemctl enable matrix-synapse.target.

Usage

Once the services are correctly set up, you can use the following commands to manage your synapse installation:

# Restart Synapse master and all workers
systemctl restart matrix-synapse.target

# Stop Synapse and all workers
systemctl stop matrix-synapse.target

# Restart the master alone
systemctl start matrix-synapse.service

# Restart a specific worker (eg. generic_worker); the master is
# unaffected by this.
systemctl restart matrix-synapse-worker@generic_worker.service

# Add a new worker (assuming all configs are set up already)
systemctl enable matrix-synapse-worker@federation_writer.service
systemctl restart matrix-synapse.target

Hardening

Optional: If further hardening is desired, the file override-hardened.conf may be copied from contrib/systemd/override-hardened.conf in this repository to the location /etc/systemd/system/matrix-synapse.service.d/override-hardened.conf (the directory may have to be created). It enables certain sandboxing features in systemd to further secure the synapse service. You may read the comments to understand what the override file is doing. The same file will need to be copied to /etc/systemd/system/matrix-synapse-worker@.service.d/override-hardened-worker.conf (this directory may also have to be created) in order to apply the same hardening options to any worker processes.

Once these files have been copied to their appropriate locations, simply reload systemd's manager config files and restart all Synapse services to apply the hardening options. They will automatically be applied at every restart as long as the override files are present at the specified locations.

systemctl daemon-reload

# Restart services
systemctl restart matrix-synapse.target

In order to see their effect, you may run systemd-analyze security matrix-synapse.service before and after applying the hardening options to see the changes being applied at a glance.